
Rev 2769 Rev 2770
Line 18... Line 18...
18
DIR_DNS_WL="$DIR_SHARE/unbound-wl"					# all the WL	'	'	'
18
DIR_DNS_WL="$DIR_SHARE/unbound-wl"					# all the WL	'	'	'
19
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
19
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
20
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
20
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
21
CNC_BL_NAME="ossi-bl-candc"
21
CNC_BL_NAME="ossi-bl-candc"
22
CNC_URL="https://osint.bambenekconsulting.com/feeds/"
22
CNC_URL="https://osint.bambenekconsulting.com/feeds/"
23
CNC_DNS_BL_URL=${CNC_URL}c2-dommasterlist-high.txt
23
CNC_DNS=${CNC_URL}c2-dommasterlist-high.txt
24
CNC_IP_BL_URL=${CNC_URL}c2-ipmasterlist-high.txt
24
CNC_IP=${CNC_URL}c2-ipmasterlist-high.txt
25
SED="/bin/sed -i"
25
SED="/bin/sed -i"
26
CURL="/usr/bin/curl"
26
CURL="/usr/bin/curl"
27
 
27
 
28
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
28
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
29
function clean_split (){
29
function clean_split (){
Line 92... Line 92...
92
		;;
92
		;;
93
	# Update C&C-Server Blacklist (TODO : check that there is a difference between two downloads)
93
	# Update C&C-Server Blacklist (TODO : check that there is a difference between two downloads)
94
	-update_ossi-bl-candc | --update_ossi-bl-candc)
94
	-update_ossi-bl-candc | --update_ossi-bl-candc)
95
		# check availability of the lists
95
		# check availability of the lists
96
        echo "Downloading blacklists from ${CNC_URL}..."
96
        echo "Downloading blacklists from ${CNC_URL}..."
97
        STATUS_URL_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS_BL_URL})
97
        STATUS_DNS_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS})
98
        STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP_BL_URL})
98
        STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP})
99
        # if downloaded successfully
99
        # if downloaded successfully
100
        if [ $STATUS_URL_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then
100
        if [ $STATUS_DNS_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then
101
            ## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column)
101
            ## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column)
102
            CNC_URLS=$($CURL $CNC_DNS_BL_URL | tail -n +19 | awk -F, '{print $1}')
102
            CNC_DOMAINS=$($CURL $CNC_DNS | tail -n +19 | awk -F, '{print $1}')
103
            CNC_IPS=$($CURL $CNC_IP_BL_URL | tail -n +19 | awk -F, '{print $1}')
103
            CNC_IPS=$($CURL $CNC_IP | tail -n +19 | awk -F, '{print $1}')
104
            ## create files and adapt downloaded data to alcasar structure (add newlines after each ip/domain)
104
            ## create files and adapt downloaded data to alcasar structure (add newlines after each ip/domain)
105
            BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME}
105
            BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME}
106
            rm -rf ${BL_DIR}
106
            rm -rf ${BL_DIR}
107
            mkdir $BL_DIR
107
            mkdir $BL_DIR
108
            echo $CNC_URLS | tr " " "\n" > ${BL_DIR}/urls
108
            echo $CNC_DOMAINS | tr " " "\n" > ${BL_DIR}/urls
109
            echo $CNC_IPS | tr " " "\n" > ${BL_DIR}/domains
109
            echo $CNC_IPS | tr " " "\n" > ${BL_DIR}/domains
110
            ## reload ossi-blacklists to add the created blacklist to ALCASAR
110
            ## reload ossi-blacklists to add the created blacklist to ALCASAR
111
            echo "Download successfull."
111
            echo "Download successfull."
112
            /usr/local/bin/alcasar-bl.sh --reload
112
            /usr/local/bin/alcasar-bl.sh --reload
113
            exit 0
113
            exit 0
114
        # if server responded with a code different than 200
114
        # if server responded with a code different than 200
115
        else
115
        else
116
            ## 000 means that curl failed
116
            ## 000 means that curl failed
117
            if [ $STATUS_URL_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then
117
            if [ $STATUS_DNS_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then
118
                echo "ERROR: curl could not access the internet to download blacklists."
118
                echo "ERROR: curl could not access the internet to download blacklists."
119
                echo "This appears to be an error on your side: please check the connection to the internet."
119
                echo "This appears to be an error on your side: please check the connection to the internet."
120
            else
120
            else
121
                echo "ERROR: could not donwload blacklists: Server returned non-200 codes:"
121
                echo "ERROR: could not donwload blacklists: Server returned non-200 codes:"
122
                echo "${CNC_DNS_BL_URL} returned ${STATUS_URL_BL}"
122
                echo "${CNC_DNS} returned ${STATUS_DNS_BL}"
123
                echo "${CNC_IP_BL_URL} returned ${STATUS_IP_BL}"
123
                echo "${CNC_IP} returned ${STATUS_IP_BL}"
124
                echo "Check the availability of the sites. Maybe the server removed its content or changed its address."            
124
                echo "Check the availability of the sites. Maybe the server removed its content or changed its address."            
125
            fi
125
            fi
126
	        exit 1
126
	        exit 1
127
        fi
127
        fi
128
    	;;
128
    	;;
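Review bot: The feeds are fetched twice (lines 97–98 and again at 102–103) and only the first fetch's HTTP status is checked, so a transient failure of the second fetch — after `rm -rf ${BL_DIR}` has already run — leaves empty `urls`/`domains` files that `alcasar-bl.sh --reload` then loads as the blacklist. The unquoted `echo $CNC_DOMAINS` / `echo $CNC_IPS` at lines 108–109 also subject third-party feed content to word splitting and pathname expansion (a `*` in the feed would expand against the current directory). Fetching each feed once into a `mktemp` file, checking the status, and streaming that file through the parser removes both problems; `${DIR_DG_BL:?}` additionally refuses to run `rm -rf` if that variable, which is set outside this hunk, is empty. The enclosing `case` statement starts before line 92.
```shell
    -update_ossi-bl-candc | --update_ossi-bl-candc)
        echo "Downloading blacklists from ${CNC_URL}..."
        TMP_DNS=$(mktemp) || exit 1
        TMP_IP=$(mktemp) || exit 1
        trap 'rm -f -- "$TMP_DNS" "$TMP_IP"' EXIT
        # fetch each feed exactly once; the body is kept for parsing below
        STATUS_DNS_BL=$(${CURL} --connect-timeout 5 --write-out '%{http_code}' --silent --output "$TMP_DNS" "${CNC_DNS}")
        STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out '%{http_code}' --silent --output "$TMP_IP" "${CNC_IP}")
        if [ "$STATUS_DNS_BL" = 200 ] && [ "$STATUS_IP_BL" = 200 ]; then
            BL_DIR=${DIR_DG_BL:?}/${CNC_BL_NAME}
            rm -rf -- "${BL_DIR}"
            mkdir -- "${BL_DIR}"
            # parse from the saved bodies; no unquoted expansion of feed data
            tail -n +19 "$TMP_DNS" | awk -F, 'NF {print $1}' > "${BL_DIR}/urls"
            tail -n +19 "$TMP_IP" | awk -F, 'NF {print $1}' > "${BL_DIR}/domains"
            # … unchanged: success message, alcasar-bl.sh --reload, exit 0 …
        else
            # … unchanged: error reporting, exit 1 …
        fi
        ;;
```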